History: Feb 22, 2006 - 2:02 a.m.

CVE-2006-0844

2006-02-22 02:02:00
web.nvd.nist.gov
cve-2006-0844
authentication bypass
cookie
leif m. wright's blog 3.5
nvd

CVSS2: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score: 6.8 Medium
Confidence: Low

EPSS: 0.006 Low
Percentile: 78.9%

Leif M. Wright’s Blog 3.5 does not make a password comparison when authenticating an administrator via a cookie, which allows remote attackers to bypass login authentication, probably by setting the blogAdmin cookie.

Affected configurations

NVD
Node: leif_m._wright web_blog, Match: 3.5
